Commerce Committee Democrats Set Focus on Cybersecurity Threats to Nation’s Aviation System, Impact on Consumers
September 19, 2024
Hearing comes in the wake of cybersecurity attack on Sea-Tac Int’l Airport
U.S. Senator Maria Cantwell (D-Wash.), Chair of the Senate Committee on Commerce, Science and Transportation, and Committee Democrats focused during yesterday’s hearing on the need to invest in resilient and redundant information technology systems at airports and airlines to better protect against cybersecurity threats, safeguard passengers’ and employees’ personal data—including credit card and frequent flyer accounts—and ensure consumers have the tools they need to recover when they are harmed.
The Committee heard testimony from Seattle-Tacoma International Airport Aviation Managing Director Lance Lyttle regarding last month’s cyberattack, as well as Airlines for America Managing Director for Cybersecurity Marty Reynolds, and National Consumers League Vice President of Public Policy, Telecommunications and Fraud John Breyault.
“The reality is stark: our aviation industry is under constant threat from cyberattacks, up 74 percent since 2020,” said Sen. Cantwell. “Every time we witness these technology failures, consumers are the ones left holding the bag.”
Last month, Sea-Tac International Airport was hit by a ransomware attack from the Rhysida Group, forcing the airport to shut down various computer systems, including its internal email and website. Gate display boards went dark, employees used paper signs to direct passengers to gates, airlines issued paper tickets and customers waited at baggage claim while airport staff manually sorted thousands of checked bags. The attack group, believed to be a Russian organization, has threatened to release personal identifiable information of airport employees unless the Airport pays $6 million worth of Bitcoin ransom.
“That is why we are here today – to spotlight this issue and figure out what more needs to be done, and to let the travelling public know [what] Congress and the federal government are doing to combat potential disruptions to their air travel and safety,” Sen. Cantwell said.
Watch Senator Cantwell’s Opening Statement Here
Sen. Duckworth stressed the importance of avoiding a single point of failure and the importance of information sharing to build stronger network systems.
Sen. Duckworth: I am a pilot myself. I know that the basic thing in aviation safety is you should never be left to a single point of failure in any system and that redundancy saves lives. When Boeing left a safety critical system on the 737 MAX dependent on a single angle of attack sensor, two flights crashed, killing 346 people. So when I see the NOTAM system knocked out by an accidental file deletion and so much of the aviation system knocked out by the CrowdStrike software update, that really worries me, that’s a single point of failure and we don't want that.
To better protect the aviation systems from cyberattacks, I believe we need to improve both redundancy and resiliency.
Mr. Lyttle, how can airports, airlines, and the federal government work better together to help improve the redundancy and the resiliency in our systems computer network?
Mr. Lyttle: I think we have to do far more information sharing. We can always learn from each other. Airports can learn from other airports. We can also learn from the TSA and CISA in terms of the information they are gathering and seeing out there. Sharing this information immediately with the aviation industry.
Airports in general have very robust cybersecurity, but nothing is impenetrable, nothing is 100% secure. So if each airport can actually learn from each other … we are required to submit these plans to the TSA and CISA, if they can consolidate this information, come up with a recommendation and standards in a much more timely manner and disseminate that back to the aviation industry so that we can continuously improve our cybersecurity defenses.